tyler.durden/icingaweb2
1
0
Fork 0
mirror of https://github.com/Icinga/icingaweb2.git synced 2025-07-09 23:14:25 +02:00
Code Issues Packages Projects Releases Wiki Activity

LdapUserBackend: Fetch and interpret the correct attributes (ActiveDirectory)

Browse Source 
refs #8826
This commit is contained in:
Johannes Meyer 2015-06-01 12:23:16 +02:00
parent 7127d5eb39
commit d1a5321d02
1 changed files with 90 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

93
library/Icinga/Authentication/User/LdapUserBackend.php
View File

@ -3,6 +3,8 @@
namespace Icinga\Authentication\User; namespace Icinga\Authentication\User;
use DateTime;
use Icinga\Application\Logger;
use Icinga\Data\ConfigObject; use Icinga\Data\ConfigObject;
use Icinga\Exception\AuthenticationException; use Icinga\Exception\AuthenticationException;
use Icinga\Exception\ProgrammingError; use Icinga\Exception\ProgrammingError;
@ -255,17 +257,102 @@ class LdapUserBackend extends Repository implements UserBackendInterface
throw new ProgrammingError('It is required to set a attribute name where to find a user\'s name first'); throw new ProgrammingError('It is required to set a attribute name where to find a user\'s name first');
} }
if ($this->ds->getCapabilities()->hasAdOid()) {
$isActiveAttribute = 'userAccountControl';
$createdAtAttribute = 'whenCreated';
$lastModifiedAttribute = 'whenChanged';
} else {
$isActiveAttribute = 'unknown';
$createdAtAttribute = 'unknown';
$lastModifiedAttribute = 'unknown';
}
return array( return array(
$this->userClass => array( $this->userClass => array(
'user' => $this->userNameAttribute, 'user' => $this->userNameAttribute,
'user_name' => $this->userNameAttribute, 'user_name' => $this->userNameAttribute,
'is_active' => 'unknown', // msExchUserAccountControl == 2/512/514? <- AD LDAP 'is_active' => $isActiveAttribute,
'created_at' => 'whenCreated', // That's AD LDAP, 'created_at' => $createdAtAttribute,
'last_modified' => 'whenChanged' // what's OpenLDAP? 'last_modified' => $lastModifiedAttribute
) )
); );
} }
/**
* Initialize this repository's conversion rules
*
* @return array
*
* @throws ProgrammingError In case $this->userClass has not been set yet
*/
protected function initializeConversionRules()
{
if ($this->userClass === null) {
throw new ProgrammingError('It is required to set the objectClass where to look for users first');
}
if ($this->ds->getCapabilities()->hasAdOid()) {
$stateConverter = 'user_account_control';
$timeConverter = 'generalized_time';
} else {
$timeConverter = null;
$stateConverter = null;
}
return array(
$this->userClass => array(
'is_active' => $stateConverter,
'created_at' => $timeConverter,
'last_modified' => $timeConverter
)
);
}
/**
* Return whether the given userAccountControl value defines that a user is permitted to login
*
* @param string|null $value
*
* @return bool
*/
protected function retrieveUserAccountControl($value)
{
if ($value === null) {
return $value;
}
$ADS_UF_ACCOUNTDISABLE = 2;
return ((int) $value & $ADS_UF_ACCOUNTDISABLE) === 0;
}
/**
* Parse the given value based on the ASN.1 standard (GeneralizedTime) and return its timestamp representation
*
* @param string|null $value
*
* @return int
*/
protected function retrieveGeneralizedTime($value)
{
if ($value === null) {
return $value;
}
if (
($dateTime = DateTime::createFromFormat('YmdHis.uO', $value)) !== false
|| ($dateTime = DateTime::createFromFormat('YmdHis.uZ', $value)) !== false
|| ($dateTime = DateTime::createFromFormat('YmdHis.u', $value)) !== false
) {
return $dateTime->getTimeStamp();
} else {
Logger::debug(sprintf(
'Failed to parse "%s" based on the ASN.1 standard (GeneralizedTime) for user backend "%s".',
$value,
$this->getName()
));
}
}
/** /**
* Probe the backend to test if authentication is possible * Probe the backend to test if authentication is possible
* *